Rules

Secret ingredients to quality software

Edit
Info

Do you turn off auto update on your servers?

Created on 24 Jun 2010 | Last updated by Steven Andrews on 12 Feb 2020 11:54 PM (about 1 year ago)

This rule has been archived
Archived Reason: https://rules.ssw.com.au/do-you-turn-off-auto-update-on-your-servers

It is not a good idea to have Windows Update automatically updating your servers.  There are a few reasons.

  1. The hotfix could bring down a production environment. (This issue previously happened)
  2. In fact, even in a development environment this could be hours of lost work as the development team struggles to understand why only some of the developers' servers  magically and mysteriously broke overnight.
  3. Windows Update could restart your server, or put your server in a state where it requires restarting - preventing any urgent MSI installs without bringing down the server.

Windows Update remains the best thing for end-users to protect their systems.  But in a server, especially a production server environment - Windows Update patches are just like any new versions of the software that's built internally.  It should be tested and then deployed in a controlled manner.

So recommendations:

  1. Windows Updates may be critical and should be kept relatively up to date.
  2. Have a plan where your awesome Network Admins schedule time to keep the servers up to date - including testing that the servers still perform its functions.
  3. Turn off Automatic Windows Update on Windows Servers
John LiuJohn Liu
Adam CoganAdam Cogan

We open source. This page is on GitHub